Recent posts to news

Recent posts to news

We are pleased to announce the latest NST release: "NST 24 SVN:7977". This release is based on Fedora 24 using Linux Kernel: "4.6.3-300.fc24". This release brings the NST distribution on par with Fedora 24.

Here are some of the highlights for this release:

NST will now be delivered as a 64 bit image only. 32 bit images have been retired.

A new Multi-Traceroute (MTR) networking tool has been developed for NST 24. This tool provides an interactive Traceroute visual using Scapy similar to the Traceroute Command and has been integrated into the NST WUI. Results from the tool can expose load balance tiers and NAT. NST uses the Python 3 version of Scapy known as Scapy3k. MTR includes new networking features such as running multiple queries with each target, display of Round Trip Time (RTT), selection of using Network Protocols: TCP, UDP and ICMP and enhanced SVG graphical results. Key NST WUI integration features include GUI options interface, an interactive MTR SVG graphic, NST IPv4 Address Tools integration, IPv4 Address Geolocation, MTR session Packet Capture, ASN lookup, MTR historical session selection and management, MTR SVG graphic editing, MTR session console output access and SVG Graphic image conversion.
The MTR graphic below shows the results of running a TCP Multi-Traceroute session to both the "www.networksecuritytoolkit.org" and "www.bing.com" sites using ports: "80" and "443" with a query count of "2". This results in a total of "8" trace routes. See the "Document on MTR" at the NST Wiki site for additional usage examples and a reference guide.

A new interactive 3D Pie Chart depicting the results from a ntop Deep Packet Inspection (nDPI) is now an integral part of the NST WUI Network Packet Capture protocol decode. An example nDPI Decode visual is shown below. See the "Document on 3D Pie Chart of nDPI Detected Protocols" at the NST Wiki site for a reference diagram.

Added the "SSLyze" project for analyzing a server's SSL configuration to the NST Networking Tools Widget.

A darkness/lightness Google Map control has been added the the NST Map Tools. This control allows to one to make the background map image less intrusive.

As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.

For more details related to the code changes for this release, refer to the "Change Log" page.

This ISO release fixes several bugs found in the NST WUI after the NST 22-7248 release. We found these fixes sufficient enough to distribute and build a new NST ISO. This 4.2.3-200.fc22.i686 kernel is used with this release.

We are pleased to announce the latest NST release: "NST 22 SVN:7248". This release is based on Fedora 22 using Linux Kernel: "4.1.7-200.fc22". This release brings the NST distribution on par with Fedora 22.
Here are some of the highlights for this release:
Development of a new geolocation map presentation using technology from the WebGL Globe project. This allows for gelocated IPv4 Addresses to be rendered on a globe within your browser using WebGL. See the live demo on the NST Wiki site: NST WebGL (View Globe).
One can now populate the NST Networking Tools Widgets with results from many of the NST integrated applications. The Graphic below demonstrates populating IPv4 Addresses derived from a Network ARP Scanner session into the NST IPv4 Address Tools widget.
Each NST Networking Tools Widget has an associated Storage Manager for loading and saving IPv4, IPv6 and MAC Addresses as well as Host Names. An import / export feature is also availble for transferring these saved addresses and hosts between different NST systems.
A new Host Map Marker Cloning mapping tool feature is available. This allows one to take a snapshot of a host geolocation map and then perform additional analysis tasks with the cloned map and markers.
The NST Network Interface Bandwidth Monitor 2 has been updated to support the use of Secure WebSockets for reducing the load on the web browser and provide significantly higher query update rate performance.
The Promiscuous State of a network interface device can be manually controlled by the nstnetcfg script. A Promiscuous Service can be used to enable the Promiscuous mode on one or more network interface adapters during a system boot. This service is useful for an application like the NST Network Interface Bandwidth Monitor 2 that requires a network interface device to be put in Promiscuous mode for monitoring all network traffic on the device.
The professional version of ntopng is now bundled with the 64 bit version of NST. A separate license from ntop is required to activate its advanced features.
The NST Shell Console now supports ANSI color decode and custom color output results.
The NST WUI and associated NST integrated applications have been upgraded to support DNF, the new package manager used by Fedora. This is a replacement of the Yum package manager.
A new Javascript-based NST WUI Systemd widget has been developed to help manage NST system and network services throughout the WUI. This is a completely new rewrite of the retired Bash-based CGI implementation.
The NST WUI web service now runs as a separate instance of the HTTPD service on ports: "9980" (local HTTP) and "9943" (HTTPS). This allows one to run a typical web server on NST without the interference of the WUI on standard ports: "80" (HTTP) and "443" (HTTPS).
As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.
For more details related to the code changes for this release, refer to the "Change Log" page.
[...]

We are pleased to announce the latest NST release: "NST 20 SVN:6535". This is an interim release which includes all of the NST and Fedora 20 package updates since 2014-Feb-20 rolled into a fresh ISO image. This release is based on Fedora 20 using Linux Kernel: "3.18.5-101.fc20". If you are building your own NST YUM repository or have a subscription to the NST PRO YUM repository, you do not need this ISO image. You can simply yum update your NST system(s).

A major effort was put forth in this release in the development of NST Mapping Tools to aide the end-user when working with geolocated network entities on Google Maps (See the NST Wiki article on: "NST Mapping Tools" for additional information).

Here are some of the highlights for this release:
* Development of the NST Mapping Tools which includes the following overlays and widgets (The Image below depicts some of the mapping tools.):
* The display of a dynamic Latitude/Longitude grid overlay on the Google Maps.
* A widget for displaying one or more Distance Measurement Tool Rulers. Units can be displayed in Km, Mi, NM, px, coordinates and round-trip times (msecs).
+ A Distance Measurement Tool Ruler Editor is provided for manual ruler endpoint positioning with precision vernier controls.
An NST Ruler Tool widget for map and web page distance and area measurements.
A Drawing Manager widget for creating basic geometric shape overlays and markers.
A Drawing Manager Editor widget for overlay characteristic management and displaying distance and area calculations.
A Vertex Editor for precise Polyline and Polygon overlay shape creation and placement.
A grid of shape overlay positioning controls for geolocation network entity placement.
A Drawing Overlay Storage Manager for saving and restoring overlays on each NST integrated geolocation map.
A Map Label Editor widget for the creation and management of labeling network entities on NST maps.
Creation of Marker Overlay Waypoints for inventorying network entity geolocations.
Integration of Google Place Search for correlation with geolocated network entities.
Ntopng geolocation integration with the Mercator Map and Google Earth.
nstnetcfg enhancements including Network Bonding Management (See the NST article on: "Managing a 'Bonding' Network Interface").
Creation of an Import/Export Management tool for saving and restoring NST specific configuration and settings between different NST systems. This tool can be advantageous when migrating to a new NST release.
As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.
For more details related to the code changes for this release, refer to the "Change Log" page.

We are pleased to announce the latest NST release: "NST 20 SVN:5650". This release is based on Fedora 20 using Linux Kernel: "3.12.10-300.fc20". Significant effort has been devoted to bringing this release on par with Fedora 20. Starting with NST 20, the "Mate" Desktop is now the preferred desktop.
Here are some of the highlights for this release:
* Added a new drag zoom feature to the "NST Ntopng IPv4 Hosts" application. Ntopng is a network traffic probe used for high-speed web-based traffic analysis and flow collection. This drag zoom feature implements a traditional method for zooming in on a particular area of interest on Google Maps by positioning and sizing a zoom rectangle with the mouse. One can easily use this feature to zoom into an area of clustered Ntopng IPv4 Hosts for further investigation which is depicted in this Annotated Image.
* Integration of the "Mate Desktop" and the "LightDM GTK Desktop" login screen greeter are now the preferred defaults for NST.
* Added a new NST WUI page for the network utility script: "getipaddr".
* Added a new "Network Interface Renaming" mode to the NST script: "nstnetcfg" that creates Predictable Network Interface Names which will survive each system reboot. This capability is beneficial to an NST system equipped with multiple Network Interface adapters.
* Integration of "IPv4 Alias Address Management" into the NST script: "nstnetcfg" that allows for the creation and removal of IPv4 Alias Addresses.
* A number of new articles on getting NST 20 up and running on a system have been written at the NST Wiki site:
* Upgrade to NST 20
* NST 20 Getting Started
* NST 20 Hard Disk Installation
* Copying ISO Images To USB
* As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.
* For more details related to the code changes for this release, refer to the "Change Log" page.[...]

We are pleased to announce the latest NST release: "NST 18 SVN:5413". This is an interim release which includes all of the NST and Fedora 18 package updates since "2013-Apr-13" rolled into a fresh ISO image. If you are building your own NST YUM repository or have a subscription to the NST PRO YUM repository, you do not need this ISO image. You can simply "yum update" your NST system(s).
Here are some of the highlights for this release:
The next generation NST WUI Network Interface Bandwidth Monitor 2 application is available. It includes the following new features and enhancements:
Graph Zoom & Pan - Allows for different graph monitor views and fine-grain data rate measurements.
Selectable Sample Buffer Size - Allows for the generation of very long duration (i.e., days) monitoring graphs.
Data Rate Buffering - Allows for data rate capture while a monitor is paused.
Archive & Loading - Allows for historical review or data analysis from a monitor collected on a different NST system.
Monitor Snapshotting - Generate a Read-Only bandwidth monitoring graph clone for quick data rate measurements.
Trigger Event Graph Color - Create a Visual Alarm Display when a defined trigger event occurs.
Trigger Event Snapshot - Create a Monitor Snapshot each time a defined trigger event occurs.
Monitor Appearance - Customize the look of each monitoring graph.
An NST WUI Network Interface Bandwidth Monitor 2 screenshot is shown here monitoring Network Interface: "p1p1" with the Ruler Measurement Tool enabled.
Integrated the next generation ntop application: "ntopng" into the NST WUI. Ntopng is a network traffic probe used for high-speed web-based traffic analysis and flow collection.
A new NST WUI Geolocation Application: "Ntopng IPv4 Hosts" is available using host information derived from ntopng. This application includes the following features:
Periodically query the ntopng server for Host information and then try to Geolocate each Host on a Google Map.
Map marker management allows one to extend the Geolocation Lifetime of each Host Marker for a user specified time duration.
One can choose from a large collection of transparent Host Markers for the generation of "Geolocated Hosts Heat Maps".
Integration of the NST IPv4 Address Tools widget and the ntopng Web-Based GUI to perform additional Network Surveillance with each ntopng detected Host.
An IPv4 Host Simulator is available to generate Random World-Wide Host Geolocations.
An IPv4 Host Simulator Mode using the GeoIPgen tool with the MaxMind Country WhoIs Database is available to produce Country Level Geolocation Isolation.
Use the IPv4 Host Simulator to expose Networks and Hosts for Global Network Exploration with the vast collection of integrated NST tools.
An NST Ntopng IPv4 Hosts screenshot is shown here with integrated NST tools focusing on host: "lga15s28-in-f4.1e100.net".
Several new tools were added to the NST WUI that allow you to convert files to different formats. These tools can be found under the 'Tools | Convert' menu and include the following abilities:
Convert from PostScript to PDF
Download a URL and render a PDF
Convert ASCII source code files to colorized HTML
Convert image files from one type to another
A new tool was added to the NST WUI that allows you to easily browse the RPM packages installed on the system. To bring up the index of all RPM packages, select 'Tools | WUI Widgets | NST RPM Index' from the menu. If the RPM index was not recently generated it will take a few moments for the system to determine the list of installed RPM packages. Once the index is displayed, you can click on any entry to easily examine information about each installed package.
As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.
For more details related to the code changes for this release, refer to the Change Log page.
[...]

We are pleased to announce the latest NST release: "NST 18 SVN:5413". This is an interim release which includes all of the NST and Fedora 18 package updates since "2013-Apr-13" rolled into a fresh ISO image. If you are building your own NST YUM repository or have a subscription to the NST PRO YUM repository, you do not need this ISO image. You can simply "yum update" your NST system(s).

We are pleased to announce the latest NST release: "NST 18 SVN:4509". This release is based on Fedora 18 using Linux Kernel: "3.8.6-203.fc18". This is the most robust and stable release of NST to date. Significant effort has been devoted to integrate "systemd" service control support with all network services applications thus providing enhanced management and flexibility when using the NST WUI.
Here are some of the highlights for this release:
Created a more friendly and intuitive user experience when booting NST Live and performing a Hard Disk installation.
Added a new NST script: "nstipconf" which provides management to easily setup IPv4 Address and stealth network configurations in an NST system equipped with multiple network interface adapters for performing network surveillance tasks.
Many new NST WUI enhancements and refinements including:
The NST WUI network monitoring management pages (i.e., Nagios Core, Zabbix and Argus Monitor) have been refactored for ease of use, enhanced management and setup capability.
The "Snort" network Intrusion Detection System (IDS) page now uses Barnyard2 integration for Unified2 IDS event data storage to the MySQL database.
A new system SCSI storage device information page was added.
SSH access using the Google Chrome Secure Shell has now been integrated into the NST IPv4 Tools widget. This allows SSH access using the Google Chrome Browser on any OS platform without the need to install a native SSH client.
Many new NST Network Interface Bandwidth Monitor features including:
Added a Query Update Rate Monitor.
Significantly increased the query update rate performance.
Added the ability to create two Custom Bandwith Monitors. This will allow one to simultaneously display network bandwidth rate graphs from two different network interfaces. This can be quite useful for displaying bandwidth network traffic at full line rates when using a non-aggregational network TAP (See the example network diagram below.).
*Each Bandwidth Monitor can now have its appearance customized using a NST Options Widget popup. One can adjust the background color and the color of each monitor graph. The opacity levels can also be adjusted on a per graph basis. These controls use to be global and applied to all monitors, but now they can be applied individually.
Now optionally collecting Bandwidth Monitor Data Rates when the monitor is hidden from view.
Added clearer Threshold Pause State Change information in each status area.
A Threshold Pause Session can now be automatically enabled upon page load.
The Bandwidth Monitor Background Color can change when a Threshold Pause Trigger Event occurs. This can be used in conjunction with the "Auto ReArm" option for a Visual Alarm Display when a Threshold Pause Trigger Event occurs.
You can now download or export Bandwidth Monitor Data Rates as a CSV formatted file which can then be used by most data analysis applications.
A new Threshold Pause Trigger Event Action has been added: The Bandwidth Monitor Data Rates can now be exported as a CSV formatted file to the NST system when a Threshold Pause Trigger Event occurs. A selection of Pause NICs and their associated data rate values can be included in the file.
As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.
For more details related to the code changes for this release, refer to the Change Log page.
[...]

We are pleased to announce the latest NST release: "v2.16.0-4104". This release is based on Fedora 16 using Linux Kernel: "3.4.9-2.fc16". This is a interim release which includes all of the NST and Fedora 16 package updates since 2012-Feb-27 rolled into a fresh ISO image. If you are building your own NST yum repository or have a subscription to the NST PRO yum repository, you may not need this ISO image as you should be able to simply yum update you NST system\(s\).
Here are some of the highlights for this release:
\* The NST project team has worked with the CloudShark folks to facilitate uploading and viewing network packet captures generated by an NST system to either "CloudShark.org" or a "CloudShark Appliance". A new CloudShark Upload Manager tool was created and embedded within the NST WUI to accomplish this. See also the HowTo Use The NST CloudShark Upload Manager NST Wiki page: http://wiki.networksecuritytoolkit.org/nstwiki/index.php/HowTo\_Use\_The\_NST\_CloudShark\_Upload\_Manager for more information.
\* The NST WUI ARP Scan page, which utilizes the arp-scan utility, has been completed. This allows you to quickly scan and inventory each attached network segment throughout your network infrastructure and also perform additional security auditing on each discovered host. See the article: HowTo Use The NST WUI arp-scan page: http://wiki.networksecuritytoolkit.org/nstwiki/index.php/HowTo\_Use\_The\_NST\_WUI\_arp-scan\_Page\_To\_Quickly\_Locate\_Hosts for additional information.
\* A separate NST WUI ARP Scan monitoring page was added. This web page is designed to periodically run the arp-scan command. Results are accumulated from each run allowing you to keep track of what systems enter and leave your network throughout the day.
Many new NST WUI enhancements and refinements including:
\* Most NST WUI pages have been enhanced to use an NST Shell Command Console for resultant output. This allows for extreme flexibility when using the results for analysis or reports. See the NST Shell Command Console Reference page: http://wiki.networksecuritytoolkit.org/nstwiki/index.php/HowTo\_Use\_The\_NST\_Shell\_Command\_Console for additional information.
\* New pop-up network tools widgets have been created for IPv4, IPv6, Host Names, and MAC addresses. NST WUI pages which display network addresses or host names will allow you to click on the network entity to bring up the appropriate tools widget. Once the widget is displayed, you can perform a variety of related actions using the network entity. Each widget has an integrated NST Shell Command Console for results. See the NST Network Tools Widgets Reference page: http://wiki.networksecuritytoolkit.org/nstwiki/index.php/HowTo\_Use\_The\_NST\_Network\_Tools\_Widgets for additional information.
\* Both the Single and Multi-Tap Network Packet Capture pages now support the new PCAP Next Generation Dump File Format.
\* The NST Network Interface Bandwidth Monitor Ruler Measurement Tool has been enhanced with Peak/Trough Detection and a Ruler Guide Movement Control feature. This feature helps during bandwidth rate analysis by making it easier to position the left and right ruler tool guides when performing data rate measurements. See the NST Bandwidth Monitor Reference Diagram page: http://wiki.networksecuritytoolkit.org/nstwiki/index.php/NST\_Network\_Interface\_Bandwidth\_Monitor for more information.
As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.
For more details related to the code changes for this release, refer to the Change Log page: http://www.networksecuritytoolkit.org/nst/log/changelog.html .

We are pleased to announce the latest NST release: "v2.16.0". This release is based on Fedora 16 using Linux Kernel: "3.2.7-1.fc16" .
Here are some of the highlights for this release:
\* Major enhancements to the Network Interface Bandwidth Monitor application including a Threshold Pause feature with bandwidth rate state notifications.
\* Developed a new NST WUI ARP Scan AJAX application which utilizes the arp-scan network tool. One can quickly scan and inventory each attached network segment throughout your network infrastructure and also perform additional security auditing on each discovered host. See the NST Wiki page: "HowTo Use The NST WUI arp-scan Page To Quickly Locate Hosts" for further information.
\* Integrated the w3af \(Web Application Attack and Audit Framework\) into the NST distribution for searching and exploiting web application vulnerabilities.
\* Added the netsniff-ng high performance Linux network analyzer and networking toolkit. It is featured in the NST Wiki article: LAN Ethernet Maximum Rates, Generation, Capturing & Monitoring.
\* The NST WUI is now touch device friendly and now works well with the Apple iPad. See the NST Wiki article: HowTo Use A Touch Device \(iPad\) with NST.
\* Developed many new systemd service controls and improved NST boot management with GRUB2 integration.
\* Many new NST WUI enhancements and refinements including a new CPU usage monitor and DNS name resolver popup widget.
\* As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.